Finished my latest wiring project today. No big deal, but it's satisfying.
Last year I set up some driveway lights, and I had to open up some ceilings to get power over to the corner of the house where the conduit exits. While it was open I added some smurf tube for future data cable, and now that tube is populated.
The ugly cables along the baseboards in the mud room are now gone. One was disused coaxial cable and is now gone, the other was moved to the tube and feeds the ethernet jack in my son's bedroom. The tube also now contains an ethernet run to the den, where it is feeding a hardwired Roku in the home theater. We got tired of the shitty Chromecast and are ready to have the same solid experience that we do in the living room.
Plus I can make the posers' heads explode by telling them that my televisions are all attached to the network on 100 Mbps ports. (They're feed throughs from wireless access points, in case you were wondering.) I'll bet most of them think they need 2.5 Gbps ports or 10 Gbps ports for everything.
In practice, an HD stream is only 4 to 8 Mbps, and even a 4K stream is only 15 to 68 Mbps -- usually less, in practice, and the transition from H.264 to H.265 will make it even less. So it's a good use for those ports and I don't have to add a switch to the main wiring center.
And to think ... I could have spent my Saturday drinking beer and watching sportsball!
I spent time in the garage, setting things up to be tossed that have not been used in a while (like a vacuum pump...).
Sat Nov 11 2023 18:33:51 EST from IGnatius T Foobar
And to think ... I could have spent my Saturday drinking beer and watching sportsball!
I spented the day workering on softwares. KittyGuard v2.0 was released today. Very nice.
https://gitlab.com/LadySerenaKitty/kgtools
Interesting. I use pritunl which is nice because it has 2FA. There's wireguard support, but it's a bit of a bolt-on and I haven't made the time to fully investigate it yet...
KittyGuard and Pritunl both look like they roughly exist in the same space as TailScale. Now that WireGuard is here it looks like lots of people are attracted to the idea of using it as an overlay network instead of manually stitching together point-to-point links as was the common practice with IPsec.
I like this approach. I like it a lot. And yet, I cannot use it. Actually I could use KittyGuard if my FreeBSD machine was sitting at the network edge, but it isn't. All of the machines at my home are sitting behind a Mikrotik router, which supports WireGuard natively. Yes, I know I could switch to any of half a dozen different open source routers running on a cute little edge device, but I spend my days designing and maintaining data centers and I gave up the high-intensity home network sysadmin job 12 years ago. And anyway my home network is all Mikrotik, the router has the controller for the wifi access points, etc.
So anyway, I've got the Mikrotik handling my home network, another WireGuard instance at the edge of my server farm at the main data center, and a few other locations where I have stuff. That's what KittyNet sounds like, so maybe we have the same kind of setup.
I'd like to do the "zero configuration ultra-mesh" type of thing, with the endpoints registering their locations so everyone can talk to everyone. But so far, no one has done it in a mixed-mode kind of way.
You can still use KittyGuard! Just make sure you do "doas pkg install -y miniupnpc" then configure KittyGuard appropriately. KittyGuard uses the upnpc command to get its UDP port forwards for WireGuard packets to come in.
With WireGuard, there is no need to sit at the network edge, as long as packets can flow, you're good. KittyGuard makes that part easy.
Thu Nov 16 2023 09:34:59 EST from IGnatius T Foobar
KittyGuard and Pritunl both look like they roughly exist in the same space as TailScale. Now that WireGuard is here it looks like lots of people are attracted to the idea of using it as an overlay network instead of manually stitching together point-to-point links as was the common practice with IPsec.
I like this approach. I like it a lot. And yet, I cannot use it. Actually I could use KittyGuard if my FreeBSD machine was sitting at the network edge, but it isn't. All of the machines at my home are sitting behind a Mikrotik router, which supports WireGuard natively. Yes, I know I could switch to any of half a dozen different open source routers running on a cute little edge device, but I spend my days designing and maintaining data centers and I gave up the high-intensity home network sysadmin job 12 years ago. And anyway my home network is all Mikrotik, the router has the controller for the wifi access points, etc.
So anyway, I've got the Mikrotik handling my home network, another WireGuard instance at the edge of my server farm at the main data center, and a few other locations where I have stuff. That's what KittyNet sounds like, so maybe we have the same kind of setup.
I'd like to do the "zero configuration ultra-mesh" type of thing, with the endpoints registering their locations so everyone can talk to everyone. But so far, no one has done it in a mixed-mode kind of way.
Totally out in left field I know... and I could go look I guess
But is the protocol across UDP or TCP?
Reason I ask: office blocks nearly all UDP packets on public WiFi, and nearly all ports other than 80 and 443 and a couple others across TCP. I have a hard time getting anything to work. "We are so secure" yet they prevent people from using it to be secure too. Oh, and while it's not 'blocked', VPN use is forbidden on the internal network unless it's theirs. You get caught, you get fired.
WireGuard runs UDP. Since it runs in the kernel, it can be any port you want. Fun fact: there's no default "wireguard port" in the spec.
Thu Nov 16 2023 14:38:59 EST from Nurb432
Totally out in left field I know... and I could go look I guess
But is the protocol across UDP or TCP?
Reason I ask: office blocks nearly all UDP packets on public WiFi, and nearly all ports other than 80 and 443 and a couple others across TCP. I have a hard time getting anything to work. "We are so secure" yet they prevent people from using it to be secure too. Oh, and while it's not 'blocked', VPN use is forbidden on the internal network unless it's theirs. You get caught, you get fired.
I suppose you could also build route server technology into WireGuard itself, but that would be contrary to one of the design goals of WireGuard, which is to be simple and small. It does that admirably.
WireGuard has built-in routering. You just need to connect your peers and WireGuard handles all routing internally.
Yes, yes it does. And it works well. I'm using it to build a virtual network across five (ok now four, since one machine moved recently) sites. Some of the wireguard endpoints are individual machines, but others are gateways with subnets behind them. Among the gateways, one is a virtual machine running the reference implementation, and one is a Mikrotik router.
At present, I have to manually establish links between pairs of sites. There's no automatic full mesh.
Software such as Tailscale handles that for you, but it requires their server and their software on each endpoint. I'm looking for a standard way of automatically establishing a full mesh.
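The manual pairwise setup described in the post above can be scripted without a coordination server. As an added example (not from the thread or from any tool named in it), this generates the [Peer] sections each site of a full mesh needs and flags the two conditions that break one: overlapping AllowedIPs and pairs where neither side has a reachable endpoint. Site names, addresses and key placeholders are constructed.

```python
import ipaddress
from itertools import combinations

# Constructed sample mesh: key values are placeholders, hostnames are examples.
SITES = {
    "home-gw": {"pub": "<HOME_PUBLIC_KEY>", "endpoint": "home.example.net:51820",
                "tunnel": "10.99.0.1", "subnets": ["192.168.10.0/24"]},
    "dc-gw": {"pub": "<DC_PUBLIC_KEY>", "endpoint": "dc.example.net:51820",
              "tunnel": "10.99.0.2", "subnets": ["10.20.0.0/16"]},
    "laptop": {"pub": "<LAPTOP_PUBLIC_KEY>", "endpoint": None,
               "tunnel": "10.99.0.3", "subnets": []},
    "phone": {"pub": "<PHONE_PUBLIC_KEY>", "endpoint": None,
              "tunnel": "10.99.0.4", "subnets": []},
}

def allowed_ips(site):
    """Tunnel address plus any subnets routed behind a gateway site."""
    return [site["tunnel"] + "/32"] + site["subnets"]

def overlapping_sites(sites):
    """Site pairs whose prefixes overlap; an interface maps each prefix to one peer."""
    nets = {n: [ipaddress.ip_network(p) for p in allowed_ips(s)] for n, s in sites.items()}
    return [(a, b) for a, b in combinations(sites, 2)
            if any(x.overlaps(y) for x in nets[a] for y in nets[b])]

def unlinkable_pairs(sites):
    """Pairs with no fixed endpoint on either side: no direct link is possible."""
    return [(a, b) for a, b in combinations(sites, 2)
            if not sites[a]["endpoint"] and not sites[b]["endpoint"]]

def peer_sections(sites, local):
    """wg-quick style [Peer] blocks for every site `local` can link to."""
    me, blocks = sites[local], []
    for name, s in sites.items():
        if name == local or (not s["endpoint"] and not me["endpoint"]):
            continue
        lines = ["[Peer]", f"# {name}", f"PublicKey = {s['pub']}",
                 "AllowedIPs = " + ", ".join(allowed_ips(s))]
        if s["endpoint"]:
            lines.append(f"Endpoint = {s['endpoint']}")
            if not me["endpoint"]:
                # Roaming side keeps its NAT mapping open so the peer can reply.
                lines.append("PersistentKeepalive = 25")
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks)

if __name__ == "__main__":
    print(peer_sections(SITES, "laptop"))
```

Pairs reported by `unlinkable_pairs` are the part a static generator cannot solve; they need one of the gateway sites to relay, or endpoint discovery of the kind the post is asking for.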
Right. However LoRa does have the range advantage, but it's traded for speed (and isn't really native IP), so I do see a place for both in the world. But ya, it might eat into some IoT use that LoRa has been dominating over.
And apparently it's really low power resource use too.
Wed Dec 27 2023 13:17:41 EST from IGnatius T Foobar
Weird. So they're going to do something in the 900 MHz band, like 1st-generation cordless phones. I could see it taking some market share away from LoRa and Zigbee on the basis of "you already have it" if they start building it into consumer grade routers.
KittyGuard and Pritunl both look like they roughly exist in the same
space as TailScale. Now that WireGuard is here it looks like lots of
If I remember correctly, I looked at TailScale a while back. Overkill for my use-case because it supports all this fully-meshed stuff (which pritunl does not). I don't know what to tell you about KittyGuard... ask the Kitty.
I'm actively thinking about how I want to set up my VPN mesh as I shuffle things around.
And yet ... I might not need it at all. I'm slowly coming to the realization that just about every location has IPv6 now. My hosting front end has IPv6, my home network has IPv6, and my smartphone is native IPv6 (from which it is derived that my laptop has IPv6 when I tether).
What are the reasons to use a VPN? Reachability and privacy. IPv6 solves the reachability issue, and just about every protocol has its own TLS encryption now anyway. So I might just go without!